33.4 Adding OpenSearch Certificate in FIPS Mode

Starting with Sentinel 8.6, communication between OpenSearch and Sentinel is secured. The OpenSearch certificates must therefore be added to the FIPS keystore of the Sentinel server and of each Remote Collector Manager (RCM).

  1. Add the internal OpenSearch certificates generated during the Sentinel installation to the Sentinel server's FIPS keystore using the following commands:

    ./convert_to_fips.sh -i <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/root-ca.pem
    ./convert_to_fips.sh -i <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/admin.pem
    ./convert_to_fips.sh -i <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/node.pem
    ./convert_to_fips.sh -i <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/client.pem

    NOTE: Give each certificate a unique alias name when prompted.

  2. Navigate to <sentinel_installation_path>/opt/novell/sentinel/3rdparty/opensearch/config/certs/ on the Sentinel server and copy the node.pem, client.pem, root-ca.pem, and admin.pem certificate files to all the RCMs.

  3. Log in to the Remote Collector Manager or Correlation Engine system and switch to the novell user:

    su novell

  4. Navigate to the bin directory (the default location is /opt/novell/sentinel/bin) and import the certificates into the FIPS keystore using the following commands:

    ./convert_to_fips.sh -i <path of the certificate copied above>/root-ca.pem
    ./convert_to_fips.sh -i <path of the certificate copied above>/admin.pem
    ./convert_to_fips.sh -i <path of the certificate copied above>/node.pem
    ./convert_to_fips.sh -i <path of the certificate copied above>/client.pem

    NOTE: Provide a unique alias name for each certificate when prompted.
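
The following is an added example, not part of the Sentinel product or its documentation: a check to run before step 4 that confirms the four files copied in step 2 reached the RCM under the expected names and byte-for-byte unchanged. The function names and manifest files are assumptions of this example, as is the test that each file carries a PEM certificate header.

```shell
#!/bin/sh
# Added example: pre-import check for the four OpenSearch PEM files named above.
# Usage (hypothetical file names):
#   on the Sentinel server:  cert_manifest <certs dir>   > server.manifest
#   on each RCM:             cert_manifest <copied dir>  > rcm.manifest
#   then:                    manifests_match server.manifest rcm.manifest

CERT_FILES="root-ca.pem admin.pem node.pem client.pem"

# Print "<sha256>  <name>" for each expected file in directory $1.
# Returns non-zero if a file is missing, empty, or lacks a PEM certificate
# header (assumption: all four files are PEM-encoded certificates).
cert_manifest() {
    dir=$1
    rc=0
    for name in $CERT_FILES; do
        path="$dir/$name"
        if [ ! -s "$path" ]; then
            echo "MISSING  $name" >&2
            rc=1
            continue
        fi
        if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$path"; then
            echo "NOT-PEM-CERT  $name" >&2
            rc=1
            continue
        fi
        # Hash the file so copies on different hosts can be compared exactly.
        sum=$(sha256sum "$path" | cut -d' ' -f1)
        echo "$sum  $name"
    done
    return $rc
}

# Compare a manifest from the Sentinel server ($1) with one from an RCM ($2).
# Returns 0 only when both list the same hash for every file.
manifests_match() {
    [ "$(sort "$1")" = "$(sort "$2")" ]
}
```

A mismatch or a MISSING line means the trust anchors on the RCM differ from those the Sentinel server generated; copy the files again before importing them.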